The blobstorage output type sends alerts to individual files in a Google Cloud Storage bucket. The sensor can optionally create the target bucket or buckets so long as it has sufficient permissions.
Access to a Google Cloud Storage bucket can be granted by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable.
This output type is commonly used for easy archiving of Alerts in a durable store. It can also be used as the trigger for an ETL process in cloud environments where blob storage write events trigger a cloud function that processes the incoming Alert. At this point Alerts can be enriched, transformed, and shipped out to other systems as needed.
Configuration:
| Key | Required | Description |
|---|---|---|
type |
yes | The output type. |
enabled |
yes | Enables/disables the output. |
provider |
yes | The cloud provider name. |
bucket_name |
yes | The name of the bucket to write to. This can be found from the project dashboard as shown below |
create_bucket |
no | Enables/disables bucket creation. |
Bucket name: From the Google Cloud Project Home->Dashboard, click on Storage. From there you can find the bucket name that can be used.
Google Cloud has no additional configuration.
Example sending Alerts to Google Cloud:
alert_output:
outputs:
# Write the Alert to GCP Storage authed through GOOGLE_APPLICATION_CREDENTIALS
- type: blobstorage
enabled: true
bucket_name: capsule8-alerts
provider: gcp
Comments
0 comments
Please sign in to leave a comment.